Advantage Dental notified 151,626 patients of data breach when their database of patient information was hacked between February 23rd and February 26th. The hackers had access to patient names, dates of birth, phone numbers, Social Security numbers and home addresses.

Bistro Burger confirmed that malware was installed on the point-of-sale system at their San Francisco location between October 2, 2014 and December 4, 2014. The information compromised included names, payment card account numbers, card expiration dates and security codes.

Information Source:
Media

records from this breach used in our total:
0

March 16, 2015

Apple America Group LLCIndependence, Ohio

BSF

PORT

Unknown

Apple America Group, LLC informed employees of a data breach when a portable USB flash drive owned by a third party vendor containing payroll information was lost.

The information on the portable usb drive included names, addresses, Social Security numbers, and wage and tax information.

Inland Empire Health Plan notified customers of a data breach when a desktop computer and other items were stolen from Children's Eyewear Sight. The police were able to aprehend the individual who perpetrated the theft.

The files on the computer included names, dates of birth, genders, addresses, contact phone numbers, email addresses, IEHP Member ID number, dates of appointments, dates of purchases, and the names of doctors who provided services.

The hotel chain Mandarin Oriental has announced that their point-of-sale systems were hacked and infected with malware that stole customer credit card data. The hacking, according to the hotel chain, is limited to hotels in the U.S and Europe.

The company has not communicated exactly how many of the hotels locations were compromised only stating that "Mandarin Oriental can confirm that the credit card systems in an
isolated number of our hotels in the US and Europe have been accessed
without authorization and in violation of both civil and criminal law.
The Group has identified and removed the malware and is coordinating
with credit card agencies, law enforcement authorities and forensic
specialists to ensure that all necessary steps are taken to fully
protect our guests and our systems across our portfolio.Unfortunately
incidents of this nature are increasingly becoming an industry-wide
concern. The Group takes the protection of customer information very
seriously and is coordinating with credit card agencies and the
necessary forensic specialists to ensure our guests are protected.”

According to Krebs on Security, "banking industry sources say the breach almost certainly impacted most if not all Mandarin hotels in the United States, including locations in Boston, Florida, Las Vegas, Miami, New York, and Washington D.C. Sources also say the compromise likely dates back to just before Christmas 2014."

Toys "R" Us contacted customers that their passwords to their reward program account would be reset in order to avoid an unauthorized attempts to their rewards program account.

The company communicated that those notified did not necessarily have their accounts accessed, however, the risk was higher due to the discovery by the company of "recycled login details used by some of its customers."

Between January 28th and January 30th, 2015, the company discovered a number of "illegal login attempts made to its Rewards "R" Us accounts." The current announcement is an additional security measure so that other customer accounts cannot be accessed in a similar way. "Out of an abundance of caution, we are therefore treating your account password as compromised and taking appropriate steps to address the situation," in a letter sent by the company to its customers.

Natural Grocers announced a possible datal breach of its customers payment cards.

The grocery retailer claims they have not received any reports or complaints of fraudulent activity of customers payment cards, however, according to Krebs on Security "Sources in the financial industry tell KrebsOnSecurity they have traced a pattern of fraud on customer credit and debit cards suggesting that hackers have tapped into cash registers at Natural Grocers locations across the country. The grocery chain says it is investigating "a potential data security incident invloving an unauthroized intrusion targeting limited customer payment card data.""

The grocery retailer has 93 stores in 15 states and has hired a third party vendor that specializes in data forensics to investigate the possible breach. The company claims that "no personally identifiable information, such as names, addresses or Social Security numbers, was involved, as the company does not collect that data as part of its payment processing system."

Again, as stated by KrebsOnSecurity, "According to a source with inside knowledge of the breach, the attackers broke injust before Christmas 2014, by attacking weaknesses in the company's database servers. From there, the attackers moved laterally with Natural Grocers internal network, eventually planting card-snooping malware on point-of-sale systems."

Piedmont Advantage Credit Union notified customers of a data breach when one of their laptops containing personal information of its members could not be located. The information contained names, addresses, dates of birth, member account numbers, and Social Security numbers. According to the credit union the laptop included password protected authentication.

Uber notified 50,000 drivers of an unauthorized access to their database which resulted in compromising driver data. The hacking took place in May of 2014. According to the company only names and driver's license numbers were compromised.

The company is offering identity protection services for affected drivers.

Lime Crime, an online cosmetics company notified customers of an unauthorized access to their website server which resulted in malware being installed. This malware allowed customer data to be captured, including credit card payment information.

The information compromised included names, addresses, card account numbers, expiration dates, security codes and Lime Crime website usernames and passwords. The malware affected customers who purchased items on the website from October 4, 2014 through February 15, 2015. For those customers that used PayPal to purchase items, their Lime Crime website usernames and passwords may have also been compromised.

Lone Star Circle of Care notified individuals of a data breach after the discovery of a back-up file containing containing names, addresses, phone numbers, and birth dates was accidentally posted on their website for view.

Jeb Bush's office inadvertently exposed 12,500 individuals' personal information as part of a larger cached file of 332,999 emails sent to him when he was the Governor of Florida.

The email was sent as part of a measure for transparency, however his team neglected to remove personal information if 12,500 of those individuals exposing names, Social Security numbers, and birthdates.

The office has since redacted the information, which were believed to have been individuals on a family services waiting list from 2003.

The University of Maine notified students of a data breach when a laptop was stolen with student roster information on it including Social Security numbers, phone numbers, email addresses, grade data and course information.

According to the university only 604 Social Security numbers were involved in the total of 941 records exposed.

Anthem, the second largest health insurance company operating under Anthem Blue Cross, Anthem Blue Cross and Blue Shield Amerigroup and Healthlink has suffered a massive data breach.

The company announced that they have been the victim of a "very sophisticated external cyber attack" on their system. The information compromised includes names, birthdays, medical ID's, Social Security Numbers, street addresses, e-mail addresses, employment and income information.

Over the next several weeks, those who were affected will be receiving some form of identity theft protection.

For those members with questions regarding the breach, the company has set up a toll- free line at 1-877-263-79951-877-263-7995 FREE.

More Information: For the statement by Anthem's CEO Joseph R. Swedish and the dedicated website created for customer information, click here.

UPDATE (2/10/2015): As further investigations are pursued regarding the Anthem breach, research by Brian Krebs and others show that the hacking began as early as April 2014 and is pointing to Chines hacker group known as "Deep Panda".

At the time, Anthem was called Wellpoint, and upon further investigation Krebs "discovered a series of connected domain names that appear to imitate actual Wellpoint sites, including we11point.com and myhr.we11point.com."

Because these sites were contructed almost 10 months prior, the question has now been raised as to why it took the company such a long time to uncover the hacking.

Riverside Regional Medical Center notified patients of a databreach when one of their employee laptops used in their Opthamology and Dermatology clinics was stolen that contained patient information.

The information on the laptop included names, phone numbers, addresses, dates of birth, Social Security Numbers, and clinical information such as medical record numbers, physicians, diagnosis, treatments received, medical departments and health insurance information.

The facility has set up 12 months free of Experian's ProtectMyID Alert for those affected. For questions call 1-866-313-7993.

California Pacific Medical Center notified 844 patients of a data breach to their system when an employee accessed records without authorization.

A total of 844 patients between October 2013 and October 2014, were accessed by this person who has since been terminated. The information obtained included patient demographics, last four digits of Social Security number, clinical information such as diagnosis, clinical notes, and prescription information.

The company states that the employee did not have access to full Social Security numbers, credit card or financial information, driver's license numbers, or California identification numbers.

Sunglo Home Health Services notified customers/patients of a data breach when their facility was broken into and stole one of their company lap tops. The laptop contained patient information including Social Security Numbers and personal health information.

Mount Pleasant School District has informed approximately 915 present and former staff members that their personal information may have been compromised between January 18th 2015 and January 21st 2015.

A spokesperson for Mount Pleasant School District stated “Forest Hills
District had a denial of service and discovered they had been hacked,”
she said. “The district’s technology director found a Tweet that
mentioned us. She looked us up on the Web and called us to let us know
on Tuesday.”

When the technology
director for Mount Pleasant clicked on the link, it directed him to a file that included names, addresses and Social Security numbers”
of MPISD staff.

Grillparts.com notified customers of a data breach to their website from January 2014 through October 2014.

The information compromised included first and last names, addresses, personal card account numbers, expiration dates, and credit/debit card security codes. It is currently unknown or has not been reported as to the number of people who were affected.

The company is providing the services of Kroll identity theft protection for one year at no cost to those who might have been affected by the breach.

Visit kroll.idMonitoringService.com and follow the online instructions to take advantage of the Identity Theft Protection Services. You will need to enter the membership ID provided by the company sent in a letter to those whose information has been or could have been compromised.

Oppenheimer Funds was notified by a brokerage firm that works with Oppenheimer Funds that customer information that was mistakenly made available to a representative of the associated brokerage firm.

The information included names, addresses, Oppenheimer Fund account numbers and Social Security numbers.

The company is offering credit protection through Equifax Consumer Services, LLC. For those affected they can reach out to Equifax Consumer Services at 1-888-766-00081-888-766-0008 FREE for information regarding the credit monitoring. Oppenheimer Funds provided a monitoring code to all those affected. The company can be reached at 1-800-225-56771-800-225-5677 FREE Monday through Friday from 8:00am to 8:00pm Easter time or visit the website at www.oppenheimerfunds.com.

Lokai informed customers of a data breach to their system from July 18, 2014 to October 28, 2014 by hackers who gained access to their server that hosts their website. The hackers installed a program that was designed to record information entered by customers.

An employee of Morgan Stanley stole customer information on 350,000 clients including account numbers. Additional information on what other information was captured has not yet been released. Files for as many as 900 clients ended up on a website.

The employee has since been fired and the bank is notifying all of the individuals affected and the FBI is currently investigating the incidence.

Chic-Fil-A has announced they are investigating a possible data breach to their payment card system. They have not released any details as to the reality of the breach, however, many experts are predicting it could be extensive.

The restaurant chaind operates over 1,850 stores nationwide. Suspicious activity on their payment systems and a report provided to the on December 19, 2014 as to suspicious activity, prompted the company to launch an investigation.

Additional information will be posted as soon as information is available.

Fast
food restaurant chain Chick-fil-A could well be the first retail breach
to be publicly confirmed in 2015. Chick-fil-A released a public
statement on Jan. 2, confirming that it is investigating a possible data
breach at its restaurants.
While Chick-fil-A's statement was issued on Jan. 2, the company admitted
that it received a report about a potential breach on Dec. 19. After
the report was received, Chick-fil-A indicated that it launched an
investigation to determine what had occurred.
"The initial report was of potential suspicious activity involving payment cards at a few restaurants," Chick-fil-A stated. "Our investigation is ongoing and we will update as we are able to do so."
Chick-fil-A reported 2013 sales of more than $5 billion and has over
1,850 locations, including both stand-alone restaurants and mall
locations. - See more at:
http://www.eweek.com/security/chick-fil-a-may-be-the-latest-retail-data-...

Fast
food restaurant chain Chick-fil-A could well be the first retail breach
to be publicly confirmed in 2015. Chick-fil-A released a public
statement on Jan. 2, confirming that it is investigating a possible data
breach at its restaurants.
While Chick-fil-A's statement was issued on Jan. 2, the company admitted
that it received a report about a potential breach on Dec. 19. After
the report was received, Chick-fil-A indicated that it launched an
investigation to determine what had occurred.
"The initial report was of potential suspicious activity involving payment cards at a few restaurants," Chick-fil-A stated. "Our investigation is ongoing and we will update as we are able to do so."
Chick-fil-A reported 2013 sales of more than $5 billion and has over
1,850 locations, including both stand-alone restaurants and mall
locations. - See more at:
http://www.eweek.com/security/chick-fil-a-may-be-the-latest-retail-data-...

Information Source:
Media

records from this breach used in our total:
0

January 1, 2015

Fast Forward AcademyAltamonte Springs, Florida

EDU

HACK

Unknown

The Fast Forward Academy LLC has notified customers of a data breach to their systems that store customer and partner information. The information compromised included names, addresses, Social Security numbers, and email addresses.

The company is providing access to Triple Bureau Credit Monitoring services at no charge for 12 months. Those affected can enroll at https://www.myidmanager.com/promo_code.html and provide the code provided by the company or call 1-866-717-94291-866-717-9429 FREE to set up services or their help line at 1-800-405-61081-800-405-6108 FREE Monday through Friday between the hours of 8 a.m. to 5 p.m. EST.

United Airlines notified customers of an unauthorized access to their MileagePlus account with usernames and passwords obtained from a third-party source.

The unauthorized access began on December 9, 2014, where the hacker (s) attempted to infiltrate the accounts of United Mileage Plus accounts. The hackers obtained MileagePlus numbers and possible account details. The company has stated that if the profile included a credit card number, only the last 4 digits of the card were visible.

United temporarily suspended Mileage Plus accounts. For those with suspended accounts they can call 1-800-421-46551-800-421-4655 FREE to change usernames, passwords, PIN's, and security questions.

The La Jolla Group has informed customers of a data breach in connection with ecommerce sites that the company manages for various apparel brand licensees.

On December 3, 2014 they noticed unauthorized access to check-out pages on the websites of certain clients. The company then launched an investigation and confirmed that certain information had been breached. The information included names, addresses, phone numbers, email addresses, credit card numbers, CVV2 data and credit card expiration dates of customers who checked out at their clients websites. According to the company no Social Security numbers were compromised.

The company has set up AllClearID for those who were affected for one year for free. Those with questions can contact their hotline at 1-877-403-02811-877-403-0281 FREE between 9:00 a.m and 9 p.m. Eastern Standard Time, Monday through Saturday.

LeapLab is being sued by the Federal Trade Commission for purchasing "payday loan applications of financially strapped consumers, and then sold that information to marketers whom it knew had no legitimate need for it".

In another FTC case, Ideal Financial Solutions, used this information sold to them to withdraw millions of dollars from individual accounts without permission.

PlayStation and xBox networks over the holiday season. A group calling itself "LizardSquad" hacked both gaming networks on Christmas Day.

According to the group and KrebsOnSecurity, "various statements posted by self-described LizardSquad members on their open online chat forum - chat.lizardpartrol.com - suggest that these misguided individuals launched the attack for no other reason than because they thought it would be amusing to annoy and dissapoint people who received new Xbox and Playstation consoles as holiday gifts"

Microsoft Xbox Live networks were hacked by a group called "LizardSquad", preventing users from playing games over the holiday.

The assault was a DDoS attack (distributed denial-of-service) which "harness the Internet connectivity of many hacked or misconfigured systems so that those systems are forced to simultaneously flood target network with junk Internet traffic. The goal, of course, is to prevent legitimate visitors from being able to load the site or use the service under attack."

On November 14, 2014 an employee laptop and hard drive were stolen when their car was broken into. According to the company the laptop was password protected.

The information stored on the laptop included images taken during the course of treatment, names, banking, full routing numbers, credit card numbers, some financing applications that included Social Security Numbers, dates of birth, mailing address, email address, income, rent payments and employer names.

The company is providing 12 months free of AllClearID, call 1-877-437-3998

Corday Productions, Inc. has payroll administered by Sony Pictures Entertainment. As part of the Sony breach, Corday Production Inc.'s employees, independent contractors or employees of contractors providing services to Corday may have had personal information compromised.

The incident is still under investigation as part of the larger Sony investigation. Corday is offering AllClear ID to those who may have been affected. They can be contacted at 1-855-434-80771-855-434-8077 or https://www.allclearid.com/

Rob Kirby CPA notified customers of a data breach when the car he was driving was broken into and his briefcase, a password protected laptop and flash drive containing confidential client information was stolen.

The information stolen included tax returns for current and previous years, copies of supporting documents associated with the returns, including names, addresses, birth dates, and Social Security numbers for clients, spouses, and dependents.

Acosta, Inc. and its subsidiaries (Mosaic Sales Solutions US Operating Co. LLC) informed customers of a data breach when an employee of their Human Resources department had a laptop containing personal information stolen from their car on November 11, 2014.

For those affected, the company has set up a toll free number to assist with questions at 1-877-237-49711-877-237-4971 Monday through Friday 9:00 a.m to 7:00 p.m Eastern Standard Time. The reference number to the incident is #5316120814.

The University of California Berkeley has notified individuals of a data breach in their Real Estate Division that resulted in unauthorized access to servers used to support a number of Real Estate programs and work stations.

These workstations contained files that included some personal information. The investigation of the hacking showed that these servers were breached in mid-to late September.

The university is offering identity theft protection and fraud resolution through ID Experts for free for one year. For those affected call 1-877-846-63401-877-846-6340 Monday through Friday from 6 a.m to 6 p.m Pacific Time or go to www.myidcare.com/ucbinfo.

Emcor Services Mesa Energy Systems notified individual of a data breach when a company laptop was stolen that contained customers personal information.

The information contained on thelaptop included names, Social Security numbers, dates of birth, dates of hire, addresses, salaries, gender and ethnicity. The theft occurred on or around November 25, 2014.

The company is offering the services of Kroll for one year at no cost. For those who were affected they can call 1-866-775-42091-866-775-4209 from 8:00 a.m to 5 p.m Central Time, Monday through Friday.

For those with questions for the company can call Mike Cook at 1-949-460-46051-949-460-4605.

ABM Parking Services notified customers of a data breach when the point of sale software system implemented by Datapark USA Inc, a third party vendor for several Chicago, Illinois parking facilities was hacked. The information was compromised from October 6, 2014 through October 31, 2014.

The hackers were able to compromise certain customer credit and debit card information, including payment card numbers.

A toll-free information line has been made available for those affected. Customers can call 1-877-238-37901-877-238-3790. The company is offering one year free of Experian's ProtectMyID Elite for those affected.

The electronic payment provider Charge Anywhere has notified individuals of a data breach of their networks when an unauthorized person(s) installed "sophisticated malware" that allowed the hackers to "capture segments of outbound network traffic" as the company has explained in a statement released December 9, 2014.

The company stated that transactions completed from August 17, 2014 through September 24, 2014 were compromised. However, information as far back as November 5, 2009 could have been captured as well.

"The incident is the latest reminder of what happens to businesses that
handle credit card data and other sensitive information and yet fail to
full encrypt the data as it traverses their network. The company has
provided a searchable list of merchants who may have been affected by the breach."

500 Monroe County residents were notified by WellCare Health of disclosure of some of their personal information when their Medicare records were "mishandled" by a sub-contractor for the insurer.

The insurers vendor had an error in their computer coding causing denial letters to be sent to the wrong members. The information on the letters included names, addresses, member ID numbers and general descriptions of the procedure. According to the insurer, no Social Security numbers or financial information was disclosed in the letter.

Subscribers with questions can call WellCare at (888) 240-4946(888) 240-4946.

Bebe Stores have notified customers of a data breach to their point of sale systems that took place last month for several weeks. The goal of the hackers was to obtain payment card information. The hacking took place between November 8, 2014 and November 26, 2014

The retailer is not stating how many cards were affected and the breach is currently being investigated by forensic IT specialists.

Dallas Fire-Rescue had several laptops containing patient information come up missing from several of their ambulances.

"According to the city, those computers disappeared between January 1,
2011, and August 29, 2014. The city’s release did not say how many
laptops were unaccounted for — or how they disappeared. Messages have
been left for Sana Syed, the city’s spokesperson."

No specific information was provided as to what information was in the files. For those patients who have questions can call the Dallas Fire-Rescue EMS staff at (844) 532-5527.

American Residuals and Talen Inc, dba ART Payroll, a specialized payroll company for the entertainment, advertising and events production industry, notified customers of a breach to their system when hackers infiltrated their servers and obtained personal information.

Highlands-Cashier hospital in North Carolina informed patients of a data breach to their servers that contained patient data. The disclosure of the data was due to an error by one of their third party vendors, TruBridge a subsidiary of Computer Programs and Systems, Inc. when they were contracted to complete some specialized computer services.

A data security screening caught the disclosure on September 29, 2014 that exposed patient information between May 2012 through September 2014.

The information exposed included patient names, addresses, dates of birth, treatment information, diagnosis, helath insurance information and Social Security numbers. All of this information could be accessed via the Internet.

For those who might have been affected you can call 1-888-227-14161-888-227-1416 Monday through Friday between 9:00 a.m and 9:00 p.m Eastern Time.

University Hospital has informed 692 patients of that their personal information has been compromised. An employee of the hospital had been accessing the personal information of patients for over 3 years. The employee has been dismissed.